EasyManua.ls Logo

Extreme Networks EPICenter Guide User Manual

Extreme Networks EPICenter Guide
268 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #112 background imageLoading...
Page #112 background image
Managing Network Security
EPICenter Concepts and Solutions Guide
112
Example: Setting the Service Type for a Built-in EPICenter Role
If you plan use an external RADIUS server to authenticate EPICenter users, but you do not want to
configure your RADIUS server with a VSA to pass role information, then you must configure your
RADIUS server’s “Service type” attribute (in the Remote Access Policy for the users who will should
have access to EPICenter) to specify the type of EPICenter user to be authenticated, as follows:
For users with an Admin role, set the Service type = 6
For users with a Manager role, set the Service type = 5
For users with a Monitor role, set the Service type = 1
To disable authentication, set the Service type to “Disabled”
If you do not change from the default (which is to disable authentication), no EPICenter users will be
able to authenticate.
If you set this Service Type in your standard Remote Access Policy, only one type of user can be
authenticated using this method. To allow the authentication of multiple types of EPICenter users,
follow the instructions in the previous section, “Example: Setting up a VSA to Return EPICenter Role
Information” or see the detailed example in Appendix D, “Configuring RADIUS for EPICenter
Authentication”.
Securing Management Traffic
Management traffic between a management application like EPICenter and the managed network
devices can reveal confidential information about your network if this traffic is transmitted in the clear.
Two approaches to encrypting this traffic is managing the network products using SNMPv3, or
accessing the network product directly using SSH.
Using SNMPv3 for Secure Management
SNMPv3 is a series RFCs (RFC 2273 through RFC 2275) defined by IETF to provide management
capabilities that guarantee authentication, message integrity, and confidentiality of management traffic.
SNMPv3 includes the option to encrypt traffic between the agent (residing on the network device) and
the management application (EPICenter). This prevents unauthorized eavesdropping on sensitive
management data.
The EPICenter Inventory Manager can discover SNMPv3 devices in your enterprise network. Click on
the Discover button to set the discovery options for building an inventory of your network. Select the
SNMPv3 discovery checkbox to add SNMPv3-enabled devices to your inventory.
You can also add a device to the Inventory Manager, manually entering the SNMPv3 settings for the
device. This includes the authentication and privacy settings for SNMPv3 and the passwords.

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the Extreme Networks EPICenter Guide and is the answer not in the manual?

Extreme Networks EPICenter Guide Specifications

General IconGeneral
BrandExtreme Networks
ModelEPICenter Guide
CategorySoftware
LanguageEnglish

Summary

EPICenter Overview

EPICenter Features

Comprehensive overview of the EPICenter software's capabilities and advantages for network management.

Inventory Management

Manages a database of all devices, enabling discovery and status tracking of network components.

The Alarm System

Provides fault detection and alarm handling for network devices, allowing custom alarm definitions.

Getting Started with EPICenter

Starting EPICenter

Details on launching the EPICenter server and client components for initial use.

Creating the Device Inventory

First step in using EPICenter to populate the inventory database through discovery or manual addition.

Managing your Network Assets

Using Discovery to Find Network Devices

Utilizes the Inventory Manager's discovery feature to automatically find network devices running SNMP agents.

Organizing Your Inventory with Device Groups

Groups devices with common characteristics for unit management, simplifying tasks like alarm scoping.

Configuring and Monitoring Your Network

User-Defined Telnet Macros

Enables creation and execution of Telnet macros for automating configuration tasks on multiple devices.

Network-wide VLAN Configuration

Manages VLANs across multiple devices, providing network-wide visibility and configuration capabilities.

Managing Network Security

Management Access Security

Secures switch configuration and traffic monitoring, controlling user access and ensuring confidentiality.

Using RADIUS for EPICenter User Authentication

Configures EPICenter to use an external RADIUS server for robust user authentication and authorization.

Tuning and Debugging EPICenter

Monitoring and Tuning EPICenter Performance

Addresses factors affecting EPICenter performance and provides tuning strategies for optimal operation.

Tuning the Alarm System

Optimizes alarm system performance by disabling unnecessary alarms and scoping them to relevant devices.

EPICenter Utilities

The DevCLI Utility

Command-line utility for managing devices and device groups, useful for bulk operations and automation.

Inventory Export Scripts

Scripts to export device or slot information from EPICenter inventory into CSV format for analysis.

Related product manuals